For SMBs, this bug presents a huge complication to business as usual. It is affecting companies’ online business and will likely cost quite a bit more by the time all sites and devices are patched and updated. What’s worrisome is the situation going into the Heartbleed challenge. According to data from the F-Secure Annual Report for 2013, only 59 percent of SMBs said that their software is patched and kept up-to-date. And surprisingly, only 63 percent of those businesses felt that they had enough IT support to keep all their software patched and updated.

Heartbleed is a vulnerability in the OpenSSL library that enables an attacker to access data during file sharing, communications and even while sitting on a “protected” server. So only websites and networked equipment that use SSL would be vulnerable. However, the list of sites and devices affected by Heartbleed is a bit overwhelming.

For these reasons, it’s imperative for SMBs to take the Heartbleed bug seriously and for IT staff to be meticulous in their work to ensure all Web-facing presences and networked devices are patched.

… 2FA does make it harder for the crooks. And while it wouldn't have made Heartbleed less of a bug, it would have made any passwords harvested by means of the bug much less useful, perhaps even useless. In short: we recommend 2FA.

Paul Ducklin, the NakedSecurity blog writer, explains how 2FA works and how companies can employ this technology to provide stronger, more robust security to their networks. Ducklin explains 2FA in easy-to-understand terms:

Examples of 2FA include:

An ATM (cashpoint) withdrawal. You have a card issued by the bank. You know a PIN that unlocks the card for use. Neither one on its own gets you anything.

An immigration check at the US frontier. You have a passport. You are the person with specific fingerprints.

A secure WordPress login. You know a password. You have possession of a mobile phone that receives a one-off authentication code.

Ducklin goes further to explain the best methods for implementing 2FA (he recommends the one-time-password [OTP] method via SMS). This method is fairly simple to deploy and shouldn’t prove too costly for cash-strapped SMB IT departments. Although using this security method doesn’t guarantee any network absolute security, it can provide a second layer of protection where it is most needed.
